A study by the SANS Institute of hundreds of industrial control systems (ICS) practitioners and cyber security stakeholders across various vertical industries including energy, manufacturing, and oil and gas has revealed that 4 out of 10 ICS practitioners lack visibility into their ICS networks.
That means that 40% defenders are working blind unable to detect a cyber attack, find out where it is coming from and remediate it in a reasonable amount of time. That statistic is even scarier when you take into account that 67% say threats to the ICS systems are high, or severe and critical.
When looking at what the perceived threats are, the top four in order are:
- adding devices that can’t protect themselves to the network.
- internal incidents spurred by accidental actions.
- external threats from hacktivists and state-funded attacks.
- extortion – including ransomware.
ICS cybersecurity threats are growing and identifying attacks continues to be a major challenge according to the annual SANS Institute industrial control systems (ICS) survey, co-sponsored by Nozomi Networks and other industry leaders.
It concluded that while there has been some progress in protecting critical assets and infrastructure, new challenges have emerged.
Four out of 10 ICS security practitioners lack visibility into their ICS networks, which is one of the primary impediments to securing these systems. Ransomware was newly identified as a top threat, along with the growing addition of devices to the network.
Despite almost daily news coverage of recent attacks on unpatched systems, SANS found that only 46% of respondents regularly apply vendor-validated patches; and 12% neither patch nor layer controls around critical control system assets.
While reliability and availability remain the highest priority for OT systems, 69% of ICS security practitioners believe threats to the ICS systems are high or severe and critical.
“The survey confirms practitioners’ intent to move beyond the basics of prevention because industrial intrusion detection tops the list of new technologies they most want to implement,” said Andrea Carcano, Nozomi Networks co-founder and renowned SCADA cybersecurity pioneer. “It’s clear ICS cybersecurity is maturing as operators recognize the likelihood of infiltration and seek early warning to improve resiliency.”
“With more and more unprotected devices making their way into operational networks, and with ransomware, hacktivism and nation state attacks on the rise, owners of critical infrastructure can no longer afford to gamble with weaknesses in ICS security,” said Nozomi Networks CEO Edgard Capdevielle.
“Fortunately, CISOs are taking notice, security budgets are growing and a new generation of ICS security solutions is available to help. As an example, Nozomi Networks’ SCADAguardian was specifically designed to deliver the deep industrial network visibility and intrusion detection that survey respondents say they need. And SCADAguardian’s automated vulnerability assessment gives operators real-time access to device vulnerabilities, updates and patch requirements. As ICS experts, we understand the challenges operators face in securing their industrial networks, fortunately advances in technology are making it easier for them to reduce their risks and improve resilience.”